Hi, I’m Faith Anuhya. I’m a cybersecurity engineering graduate student with a strong focus on defensive security, system hardening, and secure architecture across endpoints, networks, and cloud environments. My work involves translating security principles into practical controls, from policy design and testing to monitoring, incident analysis, and resilience validation.
I believe the strongest security systems exist to protect something fragile — people, data, and trust.
Areas where I design, analyze, test, and validate security controls across real systems.
I work on detecting, analyzing, and responding to security threats across enterprise environments. This includes investigating PCAPs, correlating logs, and validating intrusion detection using tools such as Wireshark, SIEM platforms, and host-level telemetry. My focus is on understanding attacker behavior, verifying defensive assumptions, and ensuring monitoring and response mechanisms function under real operational conditions.
I conduct system, memory, and network forensics to uncover unauthorized activity, persistence mechanisms, and indicators of compromise. My experience includes static and dynamic malware analysis using Volatility, Autopsy, PEStudio, Process Monitor, and FakeNet-NG in controlled environments. I focus on reconstructing incident timelines and understanding how malicious code interacts with operating systems and networks.
I assess web applications and APIs for logic flaws, authorization weaknesses, and common vulnerability patterns aligned with OWASP Top 10 and CWE standards. This includes manual testing, automated scanning, and bug-bounty style reconnaissance using Burp Suite and OWASP ZAP, with emphasis on trust boundaries, session handling, and input validation.
I design and test cloud-native and distributed systems with security, resilience, and fault tolerance in mind. My experience includes containerized deployments using Docker and Kubernetes, distributed databases such as Apache Cassandra and PostgreSQL, and message-driven systems built with Kafka.
I work with applied cryptography to understand how secure systems protect data in transit and at rest. My projects include encryption schemes, key exchange mechanisms, perfect forward secrecy, and secure computation techniques using AES, RSA, SHA-256, and related primitives.
I develop and test security policies aligned with Zero Trust principles, focusing on identity, device posture, and least-privilege enforcement. This includes translating CIS Benchmarks and architectural principles into enforceable controls, validating them in test environments, and documenting gaps, risks, and operational impact.
Case-driven investigations analyzing disk, memory, and network artifacts to reconstruct security incidents and attacker behavior.
Applied cryptography projects exploring encryption, secure computation, and real-world implementation risks in modern systems.
Designing and testing distributed systems for security, fault tolerance, consistency, and controlled access under failure.
Professional and applied security experience across defensive operations, policy engineering, and system-level analysis.
Oct 2025 – Dec 2025 • Zero Trust & Policy Engineering
Developed and tested endpoint and Android security policies aligned with CIS Benchmarks and Zero Trust principles using controlled test environments. Validated policy enforcement, compliance behavior, and real-world usability, while supporting security assessments, risk analysis, and governance documentation.
Sep 2025 – Nov 2025 • Blue Team & Detection
Performed network and endpoint investigations by analyzing PCAPs, logs, and telemetry to identify security incidents. Implemented and tested defenses against directory traversal and DoS attacks, and practiced log correlation and incident response workflows in simulated enterprise environments.
Mar 2025 – May 2025 • Malware Analysis
Conducted static and dynamic malware analysis in isolated Windows environments to identify indicators of compromise, persistence mechanisms, and execution behavior. Documented full analysis workflows, findings, and conclusions in structured technical reports.
Mar 2022 – May 2022 • Application Security
Performed web application security assessments to identify vulnerabilities including SQL injection, XSS, CSRF, and insecure headers. Built Python and Bash scripts to automate vulnerability checks and supported the integration of Secure SDLC practices into development workflows.
Open to collaboration, research discussions, and security-focused conversations.